- Avinandan Banerjee
- December 30, 2021
Polygon, a powerful decentralized layer-two scaling channel running on Ethereum, recently saved a whopping $24B worth of MATIC tokens from a malicious bug hack. The glitch occurred at the time of the upgrade, posing a serious risk to the network as well as its users. Interestingly, the Polygon team fixed the vulnerability swiftly, without the users participating in the upgrade noticing.
According to Polygon's official blog post, the vulnerability in the channel's Proof-of-Stake (PoS) Genesis contract was first hinted at by two Whitehat hackers on December 3 and December 4 through Immunefi. For those who don't know, Immunefi is a popular blockchain security and bug bounty hosting portal. The critical vulnerability was likely to put over 9.27B MATIC, equivalent to $23.6B, at severe risk and raise safety concerns among customers.
The bug was fixed at Block #22156660 through an 'Emergency Bor Upgrade' to the Mainnet at 7:27 AM UTC on December 5, 2021. The firm confirmed that an intruder succeeded in stealing 801,601 MATIC tokens, amounting to a value of $2.04M, before the team fixed the issue. The Polygon team worked closely with the group and Immunefi team members to resolve the glitch. The validators and participating nodes were notified quickly. They rallied behind the core developers to upgrade 80% of the channel within a 24-hour span without any halt.
The Polygon network follows the 'silent patches' policy initiated by the Go Ethereum team in November 2020, and so resolved the issue quietly without causing any chaos in the ecosystem. Under this policy, developers report bug fixes within a 4-8 week span after going live, so as to eliminate the risk of exploitation during patching.
Talking about the situation, Polygon's co-founder Jaynti Kanani highlighted the portal's excellent capability to resolve security issues quickly. He described the issue as a test of the network's resilience and of the ability to work under pressure. Kanani added that the decisions taken by the team were the best possible options available at the time, considering the huge stake.
Immunefi revealed that Whitehat hacker 'Leon Spacewalker' was the first to report the issue on December 3. He will be rewarded with $2.2M worth of stablecoins. The second person to report the issue was an anonymous user referred to as 'Whitehat2', who will get 500,000 MATIC tokens worth $1.27M from the Polygon team.